SpotMe GDPR Implementation

The European Union’s General Data Protection Regulation (GDPR) will be taking effect on May 25, 2018 and will affect SpotMe’s and our customers’ business operations. More information on GDPR can be found on http://europa.eu/dataprotection.

As compliance with data protection legislation is crucial for SpotMe’s and our customers’ businesses, SpotMe has taken the following steps with regard to the data processing operations SpotMe carries out in light of the changing privacy legislation framework:

A GDPR-compliant Privacy Policy (https://spotme.com/app-privacy-policy) is the default policy for all SpotMe Live Event Apps, SpotMe Hybrid and Virtual Apps, and SpotMe Engagement Apps powered by the SpotMe Enterprise Engagement Platform; as reflected under the SpotMe Privacy Policy, SpotMe customers have the capacity of “data controllers” and SpotMe has the capacity of “data processor” (within the meaning ascribed to these terms under GDPR);

Privacy Policies can be amended or customized by clients on a per-app (if the container is owned by the client) and/or per-workspace basis.

External Data Protection Officer appointed by SpotMe; Dr. Christian Rauda is SpotMe’s Data Protection Officer and can be contacted on privacy@spotme.com;

App functionalities allowing the obtainment of opt-in-based consent for processing of each user’s personal data in accordance with SpotMe default or client’s customized Privacy Policy;

App functionalities allowing each user to have access to SpotMe default or client’s customized Privacy Policy at any time from inside our mobile app (in accordance with the relevant guidance of the Article 29 Working Party);

Collaboration between SpotMe privacy team and SpotMe engineering team supporting the privacy-by-design concept;

Technical and operational processes in place to ensure data subjects’ rights under GDPR can be met, e.g. right to be forgotten or full workspace deletion (ensured through remote data wipe options & certified data deletion option);

Implemented Technical and Organizational Measures in line with the GDPR requirements for the purposes of assuring the security of the data processing activities carried out by SpotMe on behalf of its customers;

Data hosting in the jurisdiction of client’s choice: U.S., the Netherlands, Germany, Switzerland, Singapore or Australia.

All above assertions are the subject of specific controls contained in the SpotMe SOC2 report audited by Mazars Ltd. (Report on SpotMe Holding SA Description of its SpotMe Enterprise Engagement Platform System and on the Suitability of the Design of Controls Relevant to the Security, Availability, Confidentiality and Privacy Principles). Please contact us on infosec@spotme.com for more information on GDPR or, if you are a SpotMe client, to request a copy of the SpotMe SOC2 report.

In fulfillment of the initiated GDPR implementation, effective March 31, 2018, SpotMe will bundle a GDPR-compliant Data Processing Addendum with its Contractual Documents. For any service agreement entered into prior to March 31, 2018 and where applicable, SpotMe will work with its customers to enter into a separate GDPR-compliant Data Processing Addendum. The execution of such Addendum is for the mutual benefit of both SpotMe and its customers and will contribute to our successful partnership in the future.

Disclaimer:

This webpage, our Privacy Policy as well as the app functionalities relating therewith, which are customized to reflect the specifics of the processing operations associated with our mobile app in the light of the applicable data protection legislation, are not intended as a substitute for legal advice and any use thereof by our customers is voluntary, based on customers’ sole free and informed discretion. The aforesaid webpage, Policy and app functionalities are instead made available for the purposes of facilitating the use of SpotMe services by our customers. SpotMe makes no assurances regarding the information contained in this Policy. SpotMe expressly disclaims any warranties, liabilities or damages associated with or arising, directly or indirectly, out of the use of either this webpage, the aforesaid Policy or any app functionalities relating therewith, such as giving of opt-in-based consent by app users to processing of users’ data in accordance with the Privacy Policy, withdrawal of such consent, etc.